|
1951
|
5.4 |
MEDIUM
Network
|
tenda
|
ac18_firmware
|
A command injection vulnerability exists in Tenda AC18 V15.03.05.05_multi. The vulnerability is located in the /goform/SetSambaCfg interface, where improper handling of the guestuser parameter allows…
|
CWE-77
Command Injection
|
CVE-2026-31255
|
2026-04-29 00:16 |
2026-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1952
|
6.1 |
MEDIUM
Network
|
-
|
-
|
A reflected cross-site scripting (XSS) vulnerability exists in WebFileSys version before 2.32.0 and fixed in v.2.32.0. User-controlled input is reflected into HTML and JavaScript contexts without pro…
|
CWE-79
Cross-site Scripting
|
CVE-2026-29971
|
2026-04-29 00:16 |
2026-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1953
|
8.1 |
HIGH
Network
|
-
|
-
|
OpenCATS prior to commit 3002a29 contains a PHP code injection vulnerability in the installer AJAX endpoint that allows unauthenticated attackers to execute arbitrary code by injecting PHP statements…
|
CWE-94
Code Injection
|
CVE-2026-27760
|
2026-04-29 00:16 |
2026-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1954
|
9.4 |
CRITICAL
Network
|
-
|
-
|
NASA Earth Observing System Data and Information System (EOSDIS) MODAPS v8.1 was discovered to contain a SQL injection vulnerability in the category parameter
|
CWE-89
SQL Injection
|
CVE-2024-46636
|
2026-04-29 00:16 |
2026-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1955
|
6.5 |
MEDIUM
Network
|
-
|
-
|
SQL Injection vulnerability exists in Sourcecodester Online Job Portal phppdo 1.0 ivia the category parameter in /jobportal/index.php.
|
CWE-89
SQL Injection
|
CVE-2021-36438
|
2026-04-29 00:16 |
2026-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1956
|
8.1 |
HIGH
Network
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
smb: client: fix OOB reads parsing symlink error response
When a CREATE returns STATUS_STOPPED_ON_SYMLINK, smb2_check_message()
r…
|
CWE-125
Out-of-bounds Read
|
CVE-2026-31613
|
2026-04-29 00:13 |
2026-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1957
|
9.8 |
CRITICAL
Network
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
usbip: validate number_of_packets in usbip_pack_ret_submit()
When a USB/IP client receives a RET_SUBMIT response,
usbip_pack_ret_…
|
CWE-787
Out-of-bounds Write
|
CVE-2026-31607
|
2026-04-29 00:11 |
2026-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1958
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: L2CAP: Validate PDU length before reading SDU length in l2cap_ecred_data_rcv()
l2cap_ecred_data_rcv() reads the SDU le…
|
NVD-CWE-noinfo
|
CVE-2026-31512
|
2026-04-29 00:08 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1959
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
udp: Fix wildcard bind conflict check when using hash2
When binding a udp_sock to a local address and port, UDP uses
two hashes (…
|
NVD-CWE-noinfo
|
CVE-2026-31503
|
2026-04-29 00:07 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1960
|
7.8 |
HIGH
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
net: fix fanout UAF in packet_release() via NETDEV_UP race
`packet_release()` has a race window where `NETDEV_UP` can re-register…
|
CWE-416
Use After Free
|
CVE-2026-31504
|
2026-04-29 00:07 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
